/**
 * Create a signed JSON Web Token for microservice authentication.
 *
 * @return string A signed JSON Web Token
 */
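function createJWT()
{
    // Builds a short-lived RS256-signed token carrying the caller's "employee"
    // and "area" claims, read from the $netID and $areaGuid globals.
    // Throws \RuntimeException when the signing key file cannot be read.
    global $areaGuid, $netID;

    // PRIVATEKEYFILE wins; getenv() returns false when the variable is unset.
    // NOTE(review): the fallback path sits under DOCUMENT_ROOT. A private key
    // inside the web root can be served to clients unless the web server
    // blocks that path; prefer pointing PRIVATEKEYFILE outside the docroot.
    $keyPath = getenv("PRIVATEKEYFILE");
    if ($keyPath === false || $keyPath === "") {
        $keyPath = $_SERVER['DOCUMENT_ROOT'] . "/keys/key.pem";
    }

    // Fail loudly instead of handing `false` to the signer. The path is kept
    // out of the message so it does not end up in client-visible errors.
    $keyPem = file_get_contents($keyPath);
    if ($keyPem === false) {
        throw new \RuntimeException("Unable to read the JWT signing key");
    }

    $signer = new \Lcobucci\JWT\Signer\Rsa\Sha256();
    $keychain = new \Lcobucci\JWT\Signer\Keychain();
    $builder = new \Lcobucci\JWT\Builder();

    // One clock reading so iat / nbf / exp are consistent with each other.
    // nbf is 1 s in the past and exp 120 s ahead: the short lifetime limits
    // how long a captured token stays usable.
    $now = time();
    $token = $builder
        ->setIssuer(getenv("PRODURL"))
        ->setIssuedAt($now)
        ->setNotBefore($now - 1)
        ->setExpiration($now + 120)
        ->set("employee", $netID)
        ->set("area", $areaGuid)
        ->sign($signer, $keychain->getPrivateKey($keyPem))
        ->getToken();

    return $token->__toString();
}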
Beispiel #2
 /**
  * Checks that a token survives a SecureJwt encrypt/decrypt round trip:
  * the 'uid' claim parsed from the decrypted string must equal the original.
  *
  * The builder chain below has no sign() call, so the token under test
  * carries no signature; this test covers the round trip only, not
  * authenticity. nbf is set 60 s ahead, but nothing here validates
  * time-based claims.
  */
 public function testEncrypt()
 {
     // Build the plain token with registered claims plus a custom 'uid'.
     $jwtBuilder = new \Lcobucci\JWT\Builder();
     $plainToken = $jwtBuilder
         ->setIssuer('http://example.com')
         ->setAudience('http://example.org')
         ->setId('4f1g23a12aa', true)
         ->setIssuedAt(time())
         ->setNotBefore(time() + 60)
         ->setExpiration(time() + 3600)
         ->set('uid', 1)
         ->getToken();

     // NOTE(review): presumably the constructor argument is the path to the
     // encryption key used by SecureJwt; confirm against that class.
     $cipher = new \SecureJwt\SecureJwt('./sec/encryption.key');

     // Encrypt the serialized token, then decrypt it back to a JWT string.
     $encrypted = $cipher->encryptToken($plainToken->__toString());
     $decrypted = $cipher->decryptToken($encrypted);

     // Parse the decrypted string and compare the custom claim.
     $parser = new \Lcobucci\JWT\Parser();
     $roundTripped = $parser->parse($decrypted);

     $expectedUid = $plainToken->getClaim('uid');
     $actualUid = $roundTripped->getClaim('uid');
     $this->assertEquals($expectedUid, $actualUid);
 }
/**
 * Send an authenticated request to one of the TMT micro-services.
 *
 * @param string $method The HTTP method to use ("GET", "POST", "PUT", "DELETE")
 * @param string $url    The URL to make the request to
 * @param array  $data   Any data to pass in POST data (GET data should be included in the $url)
 * @return array The response: an array created by json-decoding the response body
 */
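function sendAuthenticatedRequest($method, $url, $data = array())
{
    // Signs a short-lived RS256 token for the current user ($netID / $areaGuid
    // globals), sends it in the Authorization header of a cURL request, and
    // returns the JSON-decoded body. Returns null when the transfer fails or
    // the body is not valid JSON. Throws \RuntimeException when the signing
    // key file cannot be read.
    global $netID, $areaGuid;

    // PRIVATEKEYFILE wins; getenv() returns false when the variable is unset.
    // NOTE(review): the fallback path sits under DOCUMENT_ROOT. A private key
    // inside the web root can be served to clients unless the web server
    // blocks that path; prefer pointing PRIVATEKEYFILE outside the docroot.
    $keyPath = getenv("PRIVATEKEYFILE");
    if ($keyPath === false || $keyPath === "") {
        $keyPath = $_SERVER['DOCUMENT_ROOT'] . "/keys/key.pem";
    }

    // Fail loudly instead of handing `false` to the signer.
    $keyPem = file_get_contents($keyPath);
    if ($keyPem === false) {
        throw new \RuntimeException("Unable to read the JWT signing key");
    }

    // Create JWT: one clock reading keeps iat / nbf / exp consistent, and the
    // 120 s lifetime limits how long a captured token stays usable.
    $signer = new \Lcobucci\JWT\Signer\Rsa\Sha256();
    $keychain = new \Lcobucci\JWT\Signer\Keychain();
    $builder = new \Lcobucci\JWT\Builder();
    $now = time();
    $token = $builder
        ->setIssuer(getenv("PRODURL"))
        ->setIssuedAt($now)
        ->setNotBefore($now - 1)
        ->setExpiration($now + 120)
        ->set("employee", $netID)
        ->set("area", $areaGuid)
        ->sign($signer, $keychain->getPrivateKey($keyPem))
        ->getToken();

    // Per-method options. Each case ends in `break`: without it every method
    // falls through and ends up configured as the last cases in the switch.
    // A method outside this list sets nothing here, so cURL's default applies.
    $curl_options = array();
    switch ($method) {
        case "POST":
            $curl_options[CURLOPT_POST] = true;
            $curl_options[CURLOPT_POSTFIELDS] = http_build_query($data);
            break;
        case "PUT":
            $curl_options[CURLOPT_CUSTOMREQUEST] = "PUT";
            $curl_options[CURLOPT_POSTFIELDS] = http_build_query($data);
            break;
        case "DELETE":
            $curl_options[CURLOPT_CUSTOMREQUEST] = "DELETE";
            break;
        case "GET":
            $curl_options[CURLOPT_HTTPGET] = true;
            break;
    }

    $curl_options[CURLOPT_URL] = $url;
    $curl_options[CURLOPT_RETURNTRANSFER] = true;

    // Keep certificate and hostname verification ON. This request carries a
    // signed credential; with verification off, any host on the network path
    // can terminate the TLS session and read the token. If the services use a
    // private CA, point cURL at its bundle with CURLOPT_CAINFO instead of
    // disabling these checks.
    $curl_options[CURLOPT_SSL_VERIFYPEER] = true;
    $curl_options[CURLOPT_SSL_VERIFYHOST] = 2;

    // NOTE(review): the header carries the bare token with no scheme such as
    // "Bearer"; presumably the receiving services expect exactly this format.
    // Confirm before changing it.
    $curl_options[CURLOPT_HTTPHEADER] = array("Authorization: " . $token->__toString());

    // Set options and execute curl.
    $curl_handle = curl_init();

    // curl_setopt_array() stops at the first option it cannot set, leaving the
    // later ones (TLS settings, auth header) unapplied. Fail closed.
    if (!curl_setopt_array($curl_handle, $curl_options)) {
        curl_close($curl_handle);
        return null;
    }

    $response = curl_exec($curl_handle);
    curl_close($curl_handle);

    // Transport failure: return null explicitly rather than decoding `false`.
    if ($response === false) {
        return null;
    }

    return json_decode($response, true);
}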